package com.gjp.securitydemo.config;

import com.gjp.securitydemo.config.auth.mobile.MobileAuthenticationProcessingFilter;
import com.gjp.securitydemo.config.auth.mobile.MobileAuthenticationProvider;
import com.gjp.securitydemo.config.auth.service.impl.UserDetailsServiceImpl;
import com.gjp.securitydemo.config.auth.username.UsernamePasswordAuthenticationProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private MobileAuthenticationProcessingFilter mobileAuthenticationProcessingFilter;
    @Autowired
    private MobileAuthenticationProvider mobileAuthenticationProvider;
    //兼容默认账号密码形式
    @Autowired
    private UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return new UserDetailsServiceImpl();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //添加自定义认证
        auth.authenticationProvider(usernamePasswordAuthenticationProvider);
        auth.authenticationProvider(mobileAuthenticationProvider);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .formLogin()
                .and()
                .authorizeRequests()
                .antMatchers("/login/**").permitAll()
                .anyRequest().authenticated()
                .and().exceptionHandling();
//                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        //添加自定义过滤器
        http.addFilterBefore(mobileAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManager();
    }
}
